-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2316
                     chromium-browser security update
                             4 September 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-1301 CVE-2015-1300 CVE-2015-1299
                   CVE-2015-1298 CVE-2015-1297 CVE-2015-1296
                   CVE-2015-1295 CVE-2015-1294 CVE-2015-1293
                   CVE-2015-1292 CVE-2015-1291 

Reference:         ASB-2015.0088
                   ESB-2015.2312

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3351

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3351-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
September 03, 2015                    https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294
                 CVE-2015-1295 CVE-2015-1296 CVE-2015-1297 CVE-2015-1298
                 CVE-2015-1299 CVE-2015-1300 CVE-2015-1301

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2015-1291

    A cross-origin bypass issue was discovered in DOM.

CVE-2015-1292

    Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker.

CVE-2015-1293

    Mariusz Mlynski discovered a cross-origin bypass issue in DOM.

CVE-2015-1294

    cloudfuzzer discovered a use-after-free issue in the Skia graphics
    library.

CVE-2015-1295

    A use-after-free issue was discovered in the printing component.

CVE-2015-1296

    zcorpan discovered a character spoofing issue.

CVE-2015-1297

    Alexander Kashev discovered a permission scoping error.

CVE-2015-1298

    Rob Wu discovered an error validating the URL of extensions.

CVE-2015-1299

    taro.suzuki.dev discovered a use-after-free issue in the Blink/WebKit
    library.

CVE-2015-1300

    cgvwzq discovered an information disclosure issue in the Blink/WebKit
    library.

CVE-2015-1301

    The chrome 45 development team found and fixed various issues
    during internal auditing.  Also multiple issues were fixed in
    the libv8 library, version 4.5.103.29.

For the stable distribution (jessie), these problems have been fixed in
version 45.0.2454.85-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed
once the gcc-5 transition completes.

For the unstable distribution (sid), these problems have been fixed in
version 45.0.2454.85-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----